Scan GitHub, GitLab, npm, or PyPI URLs for security vulnerabilities using 16 scanning engines to identify potential risks in repositories and packages.
Scan a single URL (GitHub, GitLab, npm, or PyPI) for security issues with 16 engines.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | URL to scan (GitHub, GitLab, npm, or PyPI) |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of behavioral disclosure. It adds valuable context by specifying '16 engines,' indicating the scanning depth. However, it omits critical operational details: whether the scan is synchronous or asynchronous, authentication requirements, rate limits, or what data is retained.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, dense sentence with zero waste. Every clause earns its place: the verb defines the action, 'single URL' scopes the operation, the parenthetical lists valid inputs, 'security issues' defines the target, and '16 engines' specifies methodology.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the absence of an output schema and the existence of sibling 'get_scan_results,' the description should ideally indicate what this tool returns (e.g., a scan ID vs. full results). While adequate for basic invocation, it leaves ambiguity about the async workflow pattern suggested by the sibling tool names.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Input schema has 100% description coverage, establishing a baseline of 3. The main description essentially mirrors the schema's enumeration of supported platforms (GitHub, GitLab, npm, PyPI) without adding syntax details, validation rules, or examples beyond what the schema already provides.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description provides a specific verb ('Scan'), resource ('URL'), and scope ('security issues with 16 engines'). It distinguishes from sibling 'scan_my_servers' via the explicit 'single URL' qualifier and lists supported platforms (GitHub, GitLab, npm, PyPI), though it could explicitly clarify that this initiates the scan versus 'get_scan_results'.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage constraints by listing the four supported platform types (GitHub, GitLab, npm, PyPI), guiding users toward valid inputs. However, it lacks explicit workflow guidance regarding the relationship to 'get_scan_results' (e.g., whether this returns immediately with a scan ID or blocks for results) and doesn't specify when to prefer this over 'scan_my_servers'.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/MCPAmpel/mcpampel'
If you have feedback or need assistance with the MCP directory API, please join our Discord server